From 15dba6846f1c9ad70fbefc541ed9d121f9d66322 Mon Sep 17 00:00:00 2001
From: jimsihk <99048231+jimsihk@users.noreply.github.com>
Date: Mon, 15 Aug 2022 20:09:23 +0800
Subject: [PATCH] Hide server info for security hardening

---
 config/nginx.conf | 5 +++++
 config/php.ini    | 1 +
 2 files changed, 6 insertions(+)

diff --git a/config/nginx.conf b/config/nginx.conf
index 1582cd6..fd61217 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -85,6 +85,11 @@ http {
         }
     }
     
+    # Hardening
+    proxy_hide_header X-Powered-By;
+    fastcgi_hide_header X-Powered-By;
+    server_tokens off;
+    
     gzip on;
     gzip_proxied any;
     gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
diff --git a/config/php.ini b/config/php.ini
index 7bb1be5..d85d12a 100644
--- a/config/php.ini
+++ b/config/php.ini
@@ -1,2 +1,3 @@
 [Date]
 date.timezone="UTC"
+expose_php= Off
\ No newline at end of file